CVE-2017-0925

Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaintext password.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

b50421f8650a390aa637da68c7e0138dd764fdf3

Last affected

9c32fedb6d29601a9cb698a25f8b917724b484b3

Introduced

b50421f8650a390aa637da68c7e0138dd764fdf3

Last affected

9c32fedb6d29601a9cb698a25f8b917724b484b3

Introduced

235b8d50ad14e7cdf4bc61c3df070f38dee97974

Last affected

5a1abb98b40ef0047d634b6ff09c3379da46cff9

Introduced

235b8d50ad14e7cdf4bc61c3df070f38dee97974

Last affected

5a1abb98b40ef0047d634b6ff09c3379da46cff9

Introduced

d90716aff22310b27734df86d287d2cb4084fdbb

Last affected

3ec4b67ffebfd15dd22fca7b35b0405454422df7

Introduced

d90716aff22310b27734df86d287d2cb4084fdbb

Last affected

3ec4b67ffebfd15dd22fca7b35b0405454422df7

Introduced

6369db0196ec7b6e288b16382c95243424a59b62

Last affected

3f64be9aeeb1a8c7c88b50bdf0212118dc265ce6

Introduced

6369db0196ec7b6e288b16382c95243424a59b62

Last affected

3f64be9aeeb1a8c7c88b50bdf0212118dc265ce6

Introduced

Last affected

f33774cb120324d428dabf52c89b8a65e4d4c166

Database specific

{
    "versions": [
        {
            "introduced": "8.0.0"
        },
        {
            "last_affected": "9.5.10"
        },
        {
            "introduced": "8.0.0"
        },
        {
            "last_affected": "9.5.10"
        },
        {
            "introduced": "10.0.0"
        },
        {
            "last_affected": "10.1.5"
        },
        {
            "introduced": "10.0.0"
        },
        {
            "last_affected": "10.1.5"
        },
        {
            "introduced": "10.2.0"
        },
        {
            "last_affected": "10.2.5"
        },
        {
            "introduced": "10.2.0"
        },
        {
            "last_affected": "10.2.5"
        },
        {
            "introduced": "10.3.0"
        },
        {
            "last_affected": "10.3.3"
        },
        {
            "introduced": "10.3.0"
        },
        {
            "last_affected": "10.3.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0"
        }
    ]
}

Affected versions

v1.*

v1.2.0

v1.2.0pre

v1.2.1

v1.2.2

v10.*

v10.1.0-ee

v10.1.0-rc1-ee

v10.1.0-rc2-ee

v10.1.0-rc3-ee

v10.1.0-rc4-ee

v10.1.1-ee

v10.1.2-ee

v10.1.3-ee

v10.1.4-ee

v10.1.5-ee

v10.2.0-ee

v10.2.0-rc1-ee

v10.2.0-rc2-ee

v10.2.0-rc3-ee

v10.2.0-rc4-ee

v10.2.1-ee

v10.2.2-ee

v10.2.3-ee

v10.2.4-ee

v10.2.5-ee

v10.3.0-ee

v10.3.0-rc1-ee

v10.3.0-rc2-ee

v10.3.0-rc3-ee

v10.3.0-rc4-ee

v10.3.0-rc5-ee

v10.3.1-ee

v10.3.2-ee

v10.3.3-ee

v2.*

v2.3.0

v2.3.0pre

v2.3.1

v2.4.0

v2.4.0pre

v2.4.1

v2.5.0

v2.6.0

v2.6.0pre

v2.6.1

v2.6.2

v2.6.3

v2.7.0

v2.7.0pre

v2.8.0

v2.8.0pre

v2.8.1

v2.8.2

v2.9.0

v2.9.1

v3.*

v3.0.0

v3.0.1

v3.0.2

v3.0.3

v3.1.0

v4.*

v4.0.0

v4.0.0rc1

v4.0.0rc2

v5.*

v5.0.0

v5.1.0

v5.2.0

v6.*

v6.0.0-ee

v6.0.0-ee.beta

v6.0.0-ee.rc1

v6.1.0-ee

v6.3.0-ee

v6.3.1-ee

v6.4.0-ee

v6.5.0-ee

v6.6.0-ee

v6.7.0-ee

v6.7.0.rc1-ee

v6.8.0-ee

v7.*

v7.0.0-ee

v7.1.0-ee

v7.1.0.rc1-ee

v7.2.0.rc1-ee

v7.2.0.rc2-ee

v7.2.0.rc3-ee

v7.2.0.rc4-ee

v7.2.0.rc5-ee

v7.3.0-ee

v7.3.0.rc1-ee

v9.*

v9.0.0-ee

v9.0.0-rc1-ee

v9.0.0-rc2-ee

v9.0.0-rc3-ee

v9.0.0-rc4-ee

v9.0.0-rc5-ee

v9.0.0-rc6-ee

v9.0.0-rc7-ee

v9.5.0-ee

v9.5.0-rc1-ee

v9.5.0-rc2-ee

v9.5.0-rc3-ee

v9.5.0-rc4-ee

v9.5.0-rc5-ee

v9.5.0-rc6-ee

v9.5.0-rc7-ee

v9.5.0-rc8-ee

v9.5.1-ee

v9.5.10-ee

v9.5.2-ee

v9.5.9-ee

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-0925.json"